1. 1
    #define strscpy(dst, src, len)  \
        do {                        \
            memset(dst, 0, len);    \
            strlcpy(dst, src, len); \
        while (0);
    

    How’s this? I bet there’s still a one-off bug somewhere.

    1. 3

      not that it matters, but memset(3) will return dst, so you could (maybe not should) also do

      #define strscpy(dst, src, len) \
      	strlcpy(memset(dst, 0, len), src, len)
      
      1. 2

        Still has the problem of evaluating len twice.

        For clarity’s sake, a better approach here would be to implement strscpy as a (potentially inline) function rather than a macro. The types of all the arguments are known and there’s no preprocessor trickery going on.

      2. 2

        Probably just a typo, but drop the semicolon after while (0). Having it defeats the purpose of wrapping your code in a do {} while loop in the first place.

        1. 1

          You’re right that it’s a typo, but it doesn’t break anything, as far as I see. It would just equality valid to add or to omit a semicolon in the real code.

          1. 10

            The whole point of using do { ... } while (0) is to handle the case where adding a semicolon in the real code is not valid. Consider the calling code

            if (a)
                macro();
            else
                foo();
            

            If you define your macro as #define macro() do { ... } while (0) then this works fine. But if you define it as do { ... } while (0); then this expands to

            if (a)
                do { ... } while (0);;  /* note two semicolons here */
            else
                foo();
            

            That extra semicolon counts as an extra empty statement between the body of the if and the else. You can’t have two statements in the body of an if (without wrapping things with curly braces) so the compiler will refuse to compile this. Probably complaining that the else has no preceding if. This is the same reason why plain curly braces don’t work properly in a macro.

        2. 2

          How do you detect truncation?

          strlcpy will also attempt to evaluate strlen(src), meaning that if src is malformed, you will read memory that should not be read, and you will waste time evaluating it in every case.

          ssize_t strscpy(char *dst, const char *src, size_t len)
          {
          	size_t nleft = len;
          	size_t res = 0;
          
          	/* Copy as many bytes as will fit. */
          	while (nleft != 0) {
          		dst[res] = src[res];
          		if (src[res] == '\0')
          			return res;
          		res++;
          		nleft--;
          	}
          
          	/* Not enough room in dst, set NUL and return error. */
          	if (res != 0)
          		dst[res - 1] = '\0';
          	return -E2BIG;
          }
          
          1. 1
            char *dir, pname[PATH_MAX];
            if (strlcpy(pname, dir, sizeof(pname)) >= sizeof(pname))
                goto toolong;
            
        1. 1

          This is cool, I always wondered in what order links get reposted, being of course a bit more biased to this site.

          Maybe binding in something like Reddit would be cool too, since I sometimes notice a emacs-related link I post here appear on /r/emacs, and it’s happened a few times too many for me to think that it’s random. But since I don’t keep up to the other subforms over there, there might be more going on?

          1. 3

            Maybe binding in something like Reddit would be cool too

            If @gerikson is willing to add Reddit, it would be interesting to add (just) r/programming. (I think that subreddit should be enough for the most of the stuff that usually gets cross-posted)

            1. 1

              I’ve updated the page to include links from /r/programming.

            2. 2

              I’m not familiar with the Reddit API, but maybe if there was a firehose of every link submission one could get stuff that was posted to all subreddits. I tried to keep my code written so adding another source would be possible, and doing so would be a good test. Thanks for the suggestion,

              1. 9

                Also in case it’s helpful, here’s a blog post about how f5bot watches all of reddit: https://intoli.com/blog/f5bot/

                1. 2

                  Well… that’s a bit more impressive than my little app. Thanks for the link!

                2. 3

                  there’s https://www.reddit.com/new.json (docs).

              1. 38

                It boggles the mind to see how many browser features web developers re-create poorly within the browser. Why do they fight the platform so much?

                1. 18

                  Why do they fight the platform so much?

                  Probably a lot of bad reasons, judging by some of the sites I’ve been forced to use. However, in some cases there are good reasons.

                  For example, my employer makes a document editing app specialized for certain types of accounting workflows. We can’t use the browser scroll because the browsers cap the number of pixels “tall” that a page can be, and some of the documents our customers create would blow past the cap and break scrolling. Hence, we have our own “viewport” implementation that doesn’t work quite as well as native scrolling, but also doesn’t have that limitation.

                  Ultimately, I blame the fact that we’re creating “apps” on a platform that was designed for mostly-static documents. We can hate it all we want, but it’s not going away because the benefits are enormous (cross-architecture, cross-OS, cross-device, no “updates”, and so on). So until the browsers provide a platform that is actually designed for building “apps” rather than having those features awkwardly bolted on, things are going to continue to kind of suck.

                  1. 3

                    We can’t use the browser scroll because the browsers cap the number of pixels “tall” that a page can be

                    Wait, what? I’ve never seen browsers cap page length. Are you experiencing a hard cap, or a soft cap where perf gets bad when there’s too much to render?

                    1. 8

                      It’s effectively a hard cap. The cap is very, very large, but we have customers that use our software to produce 30,000 page documents, so we would hit it. Based on a very quick search, this seems to be a reasonable place to start if you’re looking for more information: https://stackoverflow.com/questions/34931732/height-limitations-for-browser-vertical-scroll-bar

                      1. 4

                        Just curious, what sector does produce a 30k page document? I hope they don’t print it at least!

                        1. 5

                          I don’t know much about this sort of thing (I don’t work directly with our customers) but from what I understand it’s mostly large financial institutions (banks, insurance companies) that build these huge documents that basically spell out their exposure to risk. I assume they’re never printed, my employer’s original product was for filing SEC reports without printing anything, so… hopefully? :-)

                          1. 1

                            I wonder if they’re even read! Maybe just queried for individual pieces of information.

                        2. 1

                          Wow, super interesting. Thanks for the link!

                    2. 2

                      Full ACK. There are some edge cases where you can’t really do much else. One of these I’ve encountered while building https://xkcd.wtf (yeah, that’s a domain): I don’t want to proxy all those API calls for you.

                      In the end, I learned a lot about Javascript (and it did change my mind a little bit in the positive direction (keyword: promises)), but never got it even close to the speed my Perl/CGI prototype (that just used qx{curl -s ...}).

                      1. 1

                        Out of interest, what was the assignment? was it necessary to build a frontend in javascript or perform client side rendering?

                        Visiting the site gives me the message that you don’t like it either. Is that just appealing to your audience, or is there a reason you didn’t stick wit Perl/CGI?

                        1. 2

                          what was the assignment?

                          None—the course was dropped from the curriculum just before the start of the semester. (original ass.: build anything that uses any webdev-platform (spring, django, whatever) and calls 3 different apis). I had the domain purchased in anticipation of the course.

                          is there a reason you didn’t stick wit Perl/CGI?

                          Perl/CGI is my go-to for everything (like my teletext-server). But for hosting it elsewhere, I didn’t want to proxy all the API calls (don’t ask me exactly why, though, it’s been a while since I thought about it).

                          Visiting the site gives me the message that you don’t like it either.

                          The <noscript> message? I’m one of those people™ who browses without javascript or cookies (few sites whitelisted).

                          your audience

                          The audience of this site is probably just me and a few friends; I haven’t really publicised its existence.

                          1. 2

                            I had the domain purchased in anticipation of the course.

                            Good catch, it’s a cool domain.

                            I’m one of those people™ who browses without javascript or cookies

                            I get you, I’m the same.

                            probably just me and a few friends

                            You can add me to the list now, it’s a pretty nice site :)

                            Out of interest, how many of your friends using it are the kind of people who browse without javascript?

                            1. 2

                              Thanks! In my circle of friends, I’m the only one browsing without Javascript.

                      1. 6

                        Wow, this Github thread was painful to read. Thanks for the reference!

                        1. 3

                          We had the same issue with the palemoon author for publishing PKGBUILDs on the Arch User Repository (since it patched the build process in the PKGBUILD). I personally can’t take such a project serious and wouldn’t recommend anyone to use it.

                          1. 1

                            As “upstream” I’d be happy if people came around and showed so much interest in my project that they’d start to package it on their own, even more when they’re more proficient on that platform..

                            1. 2

                              On the other hand you’ll get bug reports that you can’t reproduce because people will complain with upstream, not with the packager. And then you’ll need to go hunting for whoever messed up the binary with local patches.

                              So I can understand projects (which includes Mozilla) expecting such distributors to use a branding that is clearly different from theirs, but the attitude they demonstrated on that issue was completely out of line.

                          2. 2

                            ok I was about to reply that we shouldn’t further stamp on somebodies project (see V), but this is painful..

                            I will not be as educational next time.

                            1. 2

                              I “”“love””” what they’ve done to about:mozilla (link to git). Not condescending at all!

                            1. 2
                              curlftpfs -ossl ftp.host.tld /tmp/x
                              cp oldpost.htm newpost.htm
                              vi newpost.htm
                              
                              1. 17

                                If you set the contenteditable attribute, you can even live-edit the css on the page

                                <style contenteditable style="display:block">
                                

                                and BTW, uBlock injected a big element at the very beginning of the linked website

                                1. 6

                                  My brain, currently somewhat fatigued, wanted to google what a ‘contented itable’ was and what you use it for. I need a break, methinks.

                                  1. 2

                                    Oh, interesting point about making injected content visible. I may have to experiment with that. Would be good to see what extensions are really doing.

                                    1. 1

                                      hi – i made a different example that makes the style editable (using contenteditable)

                                      https://secretgeek.github.io/style_edit/style.html

                                      Note (as it says there) that if you press Enter while editing the style, the browser will inject elements that stop being treated as part of the style tag. So be careful with this new super power!

                                    1. 5

                                      This article conflates things to the point where things start to become incorrect.

                                      For example, the AGPL is not considered to be Open Source by the OSI, unlike the author states (§“A months-long comical debate”). Also, the SSPL goes far beyond what the AGPL requires (compare §“To illustrate:”), and the author doesn’t seem to realize the implications a “no SaaS(s)” clause has.

                                      On a side note, labelling the creator of the Commons Clause “undisputed” in this context feels off to me. As does the “The author […] is a big fan of Amazon” at the end.

                                      There will have to be some solution about SaaS providers not giving back to upstream developers, but source-available shouldn’t be the solution (and I can’t provide a solution either). I’m not a big fan of (ab)using copyleft licences as a way of nudging companies to proprietary licences in general. The AGPL is meant as a tool to increase freedom, not scare people away from it.

                                      1. 9

                                        For example, the AGPL is not considered to be Open Source by the OSI, unlike the author states (§“A months-long comical debate”).

                                        Yes it is.

                                        https://opensource.org/licenses/alphabetical

                                        I absolutely agree with the rest of your comment though. I really dislike the positioning of SA licenses because they all focus on “commercial use.”

                                        My hope is that strong (and now we need stronger) copyleft results in more free software. The current trend in SA licenses is focusing on who is allowed to make money and it’s not sustainable.

                                        1. 2

                                          I stand corrected, thanks! (I can’t edit my comment any more :/ )

                                          The GNU AGPL was OSI-approved in 2008

                                        2. 2

                                          doesn’t seem to realize the implications a “no SaaS(s)” clause has

                                          I could see “no SaaS” impacting some people if that by itself is the wording. What do you think are the implications past making commercial freeloading hard? Especially if they were willing to grant a free or cheap license for any of the folks whose use cases weren’t the Amazon-type stuff the license is really trying to block? That second question is a thought experiment, not what a specific company is doing.

                                          1. 4

                                            For implicaitons: It is a restriction on how you can use it. Simplest case, your company will refuse any murky licensing terms (I’m honestly not too knowledgeable about how sspl and co fare there). But more importantly, it also makes forking impossible: while the original authors may provide SaaS, you and your fork may not.

                                            re: cheap/gratis licences: It’s still non-free; especially the forking thing is a show stopper for me. Granted, I’m speaking from position where I can put my personal values (cynical: “ideology” :P) above business decisions.

                                            1. 1

                                              “But more importantly, it also makes forking impossible”

                                              If current licenses do that, it should be fixable. My hypothetical licenses would allow forking if one was a paying customer. They keep paying to use the derivatives with upstream isn’t required to support past maintaining the original version.

                                              “Granted, I’m speaking from position where I can put my personal values (cynical: “ideology” :P) above business decisions.”

                                              Love seeing honesty in these discussions. There could be businesses and individuals doing something different. I remember enjoying lots of shareware and freeware back in the day. My standard today is that whatever is non-free/open has open formats and protocols to prevent data lock-in. If it does, use it while it’s useful. If it doesn’t, steer clear of it since it’s lock-in in progress.

                                        1. 13

                                          “Digitize books” was something I could get behind. “Train our self-driving cars”? Not so much. Bit of a trojan horse, innit? I prefer to solve the audio captchas, but am occasionally rebuked. Perhaps the scammers will eventually figure out how to automatically solve it. What’ll come next? “Select the members of al qaeda”? The format’s ripe for memeing on.

                                            1. 3

                                              Select all squares that match “Sarah Connor”.

                                              https://pbs.twimg.com/media/DJeAlYTVAAAk7Lp.jpg

                                            1. 5

                                              This is one of my “favourite” failures in Programming.

                                              Recently, the 737MAX failures have reminded me of the Therac-25. (use of only 1 of the AoA sensors, the disagree indicator being an optional extra, all the workarounds to keep common type rating, missing FAA oversight, …)


                                              tag suggestion: practices

                                              1. 14

                                                Oh wow – this is an elaborate “prank.” You can actually even view bug reports, git {commits,trees,etc}, … there even are ASCII graphs of the popcon!

                                                In case you’re in need for a gopher client: lynx(1) works well.

                                                1. 4

                                                  I use sacc(1), or custom scripts that just does printf '%s\r\n' "$query" | nc "$domain" "$port" and that just works. :)

                                                  1. 1

                                                    Or, for Emacs: https://github.com/msnyder-info/gopher.el

                                                    There’s also a Firefox plugin (which I found out about browsing gopher via Emacs….)

                                                  1. 6

                                                    I was looking for a cheap VPS some time ago and a quora question was one of the first search results on duckduckgo. The topmost 5 or so answers were marketing people pitching their own services.

                                                    I don’t know whether these were ‘sponsored’ or just the moderation team not being able to catch up, but that left such a bad taste in my mouth that I simply don’t bother clicking on any quora link any more.

                                                    1. 8

                                                      If you need a freely licensed font, google Noto has you covered. Fedora has it as google-noto-sans-egyptian-hieroglyphs-fonts.noarch, for example

                                                      (this must be a fairly new addition to Noto, since I couldn’t find it last time I ‘researched’ this exact same topic)

                                                      1. 4

                                                        The sans hieroglyphs in the name makes it sound like the censored version of the font.

                                                        1. 5

                                                          sans stands for sans-serif.

                                                          1. 2

                                                            If you don’t know what it actually means

                                                        1. 21

                                                          How ’bout no:

                                                          • obscures meaning (/u/L-P)
                                                          • can’t type them on a normal keyboard
                                                          • can’t display them reliably in terminal emulators
                                                          • not greppable (/u/barakmich)

                                                          It’s an interesting to me that in some bubbles (JavaScript comes to mind) this is perfectly acceptable, while in others (like mine) this wouldn’t fly.

                                                          1. 3
                                                            • can’t type them on a normal keyboard
                                                            • can’t display them reliably in terminal emulators

                                                            I have use custom vim keybindings for entering emojis in mutt within tmux in Gnome Terminal, and it works fine. (But GNU screen glitches with UTF-8)

                                                            • not greppable

                                                            They are with GNU grep:

                                                            $ echo 🍷 | grep "[🍷🐧🍎🏁]"
                                                            🍷
                                                            
                                                          1. 17

                                                            Personal Opinion: No. RFC725 says, HTTP-451 should be used “when a server operator has received a legal demand to deny access to a resource” and “This type of legal demand typically most directly affects the operations of ISPs and search engines.” Sure, there is no explicit mention of the word censorship, but that is what is implied by the RFC and explicitly stated the author of the original proposal.

                                                            The GDPR doesn’t require a website owner to block EU users, just to respect their rights as data subjects. Since they refuse service, a 403 code seems most appropriate (”[403] indicates that the server understood the request but refuses to authorize it.”).

                                                            1. 2

                                                              I agree. If a website operates in a way that violates the GDPR, serving the content to a EU citizen is accompanied by a violation of the GDPR. It is illegal for the website to serve them the content, not because of the content itself, but because of the technical process used to serve the content. With the enactment of the GDPR, the server operator has effectively received a demand to deny access to all resources of the website to EU citizens, as long as the technical process has not changed. But it’s about the process, not about the content. And 451 is about the content.

                                                            1. 2

                                                              There are some real gems in these stories. Travaglia still writes them for The Register about twice a month.

                                                              (I just had a look in my own archive: 645 stories from 1989-2018)

                                                              1. 4

                                                                “Hooray! We have forked an already small community into yet another smaller community because…”

                                                                Well, the “because” doesn’t really matter, even though they make extremely valid points! In an already incredibly fragmented community (how many derivatives of OpenSolaris does this make?) this makes the problem bigger…

                                                                I don’t follow illumos very closely, but are there reasons that community won’t assist in pushing towards solving the concerns that sparked unleashed? Surely illumos is also an operating system that “developers want to use,” no?

                                                                1. 10

                                                                  As always, we’re happy to work with people who want to push changes to illumos-gate!

                                                                  1. 5

                                                                    xkcd 1095 seems relevant. :^)

                                                                    1. 1

                                                                      Yeah, maybe. :)

                                                                    2. 4

                                                                      If the illumos community were healthy I would agree with you and I wouldn’t have bothered to create this fork. Sadly, I think the illumos community has problems and the people that truly have a lot of say where the project goes either don’t see them or like the status quo.

                                                                      Two years ago when I started Unleashed, I had a dilemma: should I fork illumos or ditch it for one of the BSDs. When I realized that there were other people that were just as unhappy with the (lack of) direction illumos had, making a fork sounded like a good option. That’s how we got here.

                                                                      Now where do we go from here is an open question. It is completely possible that Unleashed will fizzle, at which point I can say that no real harm was done. The illumos community will remain as small as it was two days ago, with major contributors like Delphix bailing on illumos in favor of Linux. If Unleashed takes off and in the process kills off illumos, the overall ecosystem will be better off. There might be a person or two grumpy that they can’t run their emacs binary from 1994, but in my opinion that is a small price to pay.

                                                                      Surely illumos is also an operating system that “developers want to use,” no?

                                                                      That is the reason I considered and ultimately went with a fork instead of bailing on it. The technology in Solaris/OpenSolaris/illumos/Unleashed is great, and I didn’t want to give it up. I wanted to give up the hugely inefficient and ultimately counter-productive contribution process.

                                                                      Happy hacking!

                                                                      1. 4

                                                                        Thanks for taking the time to respond. I know my post probably came off as aggressive, and if I’m honest, it was half intended to be. I think forks are very disruptive, and wish, of course, to minimize these sorts of things when at all possible.

                                                                        When I realized that there were other people that were just as unhappy with the (lack of) direction illumos had, making a fork sounded like a good option.

                                                                        This makes total and reasonable sense. I didn’t mean to imply that you hadn’t thought this through! And appreciate that you used it as a sort of last resort.

                                                                        That is the reason I considered and ultimately went with a fork instead of bailing on it. The technology in Solaris/OpenSolaris/illumos/Unleashed is great, and I didn’t want to give it up. I wanted to give up the hugely inefficient and ultimately counter-productive contribution process.

                                                                        Thanks for doing what you’re doing, and I wish Unleashed success (and maybe either domination or an eventual merge of the communities again)!

                                                                        1. 3

                                                                          Thanks for taking the time to respond.

                                                                          No problem. I really had no choice - someone on the internet was “wrong” ;)

                                                                          I know my post probably came off as aggressive, and if I’m honest, it was half intended to be.

                                                                          The phrasing certainly made me go “urgh, not one of those…” but it sounds like we both agree that forks are disruptive, but you think that it’s a negative thing while I think it is a positive thing. A reasonable difference of opinion.

                                                                          Thanks for doing what you’re doing, and I wish Unleashed success (and maybe either domination or an eventual merge of the communities again)!

                                                                          Thanks, that’s the idea :)

                                                                          1. 2

                                                                            The phrasing certainly made me go “urgh, not one of those…”

                                                                            There’s really nothing I can offer as a legitimate excuse for that. I’m sorry.

                                                                            but you think that it’s a negative thing while I think it is a positive thing. A reasonable difference of opinion.

                                                                            The additional context you’ve provided makes me feel that it probably is the right, and positive choice in this case. I’m not vehemently against forks if there’s a legitimately good reason [and just to be clear, moving on from supporting legacy stuff is the important divergence I’m seeing, as it frees up resources to move faster]. I am against forks that don’t offer some radical divergence in philosophy, though. These are often rooted from deep bikeshedding on topics that don’t matter in the grand scheme of things.

                                                                            Two examples of justified forks in my opinion: @rain1 recently forked filezilla because it was incorporating “unwanted extra nonfree software.” Devuan is a fork of Debian that replaces systemd – a topic that is far beyond bikeshedding at this point, as it’s had (and will continue to have) a drastic effect on the portability of software to other ecosystems.

                                                                            1. 1

                                                                              There’s really nothing I can offer as a legitimate excuse for that. I’m sorry.

                                                                              No worries. Hopefully my initial response didn’t come across as too harsh either. If it did, my apologies.

                                                                              I am against forks that don’t offer some radical divergence in philosophy, though.

                                                                              Agreed. Although sometimes it is hard to tell if there is a justification for the fork.

                                                                              1. 2

                                                                                I am against forks that don’t offer some radical divergence in philosophy, though.

                                                                                Agreed. Although sometimes it is hard to tell if there is a justification for the fork

                                                                                I wonder when we started to need a justification.

                                                                                Why?

                                                                                1. 11

                                                                                  I wonder when we started to need a justification.

                                                                                  You do you, man. You do you.

                                                                                  In my mind, there are two types of forks we’re talking about. One of them is a “fork” on github, where I clone the repo, make some changes, contribute it back to the original author (or maybe not!), and live a happy life. These types of forks are almost always ok. It’s the “You do you, man. You do you.” response.

                                                                                  The other “fork” is far more challenging, and far more likely to cause a rift in spacetime. Those are the large, and by all accounts, successful projects that as a result divide a community, and make it difficult for users and would be contributors to find the right thing to use. These projects fork very publicly, and are rather uncomfortable, to be honest.

                                                                                  In many cases, these forks occurred because egos were hurt (I wanted it yellow) – a social issue – not a technical issue. In other cases, there’s a large philosophical difference that impacts the general direction of the technology. This may be licensing, whether or not to support obscure platforms, a radical new idea or focus… etc. In all cases, even if there are legitimately great outcomes (OpenBSD comes to mind), there’s a period of confusion and frustration from users who are now forced to choose where to put their effort. They are forced into taking sides, and that’s unfair.

                                                                                  1. 1

                                                                                    These are marketing concerns. Market share issues, to be precise.

                                                                                    They are valid for open source projects that are basically marketing tools, but they are pointless for free software that maximizes hackers’ freedom to hack.

                                                                                    Feeling the need to justify a fork, is the first step towards asking permission.
                                                                                    The PATENTS file in projects like Fuchsia’s kernel sources just push for that.

                                                                                    1. 5

                                                                                      Sorry, my friend. Most people don’t share your principles on what a ‘hack,’ or a ‘hacker’ is. More often than not, the people using, and writing software care more about getting the job done quickly, and without frustration, and a fork makes that harder. It doesn’t matter how you classify it.

                                                                                      1. 0

                                                                                        people using, and writing software care more about getting the job done quickly, and without frustration

                                                                                        And this is fine!

                                                                                        But, my friend, you need to understand the tools you use!
                                                                                        If you pick up a free software that is distributed “WITHOUT ANY WARRANTY” just because it’s free of charge, and you completely miss the culture of the people who develop it, you won’t get your job done. Same if you pick an open source software controlled by Google (or whoever) and you fork it to successfully challenge their market share.

                                                                                        In both cases, you’ll face surprises, unexpected costs and frustration.

                                                                                        Understanding the environment you operate in, is strategic to “get the job done”.

                                                                                        Most people don’t share your principles on what a ‘hack,’ or a ‘hacker’ is.

                                                                                        Interesting! Do you have world-wide statistics to prove such claim?

                                                                                        Not that it matters: “principles” stand to “artifacts” like “postulates” stand to “theorems”. How many people accept the postulates/principles is irrelevant.

                                                                                        I know that some people don’t share my principles. And I’m fine with it.
                                                                                        Do you know that some people don’t share your principles?
                                                                                        Are you fine with it?

                                                                                        1. 2

                                                                                          But, my friend, you need to understand the tools you use! If you pick up a free software that is distributed “WITHOUT ANY WARRANTY” just because it’s free of charge, and you completely miss the culture of the people who develop it, you won’t get your job done. Same if you pick an open source software controlled by Google (or whoever) and you fork it to successfully challenge their market share.

                                                                                          In both cases, you’ll face surprises, unexpected costs and frustration

                                                                                          I read this several times and can’t figure out what you’re saying.

                                                                                          Why do I need to understand the culture of a tool I use? As long as it fulfills my technical needs and I know what I’m prohibited to do by law, I can use it to get my job done.

                                                                                          1. 1

                                                                                            Why do I need to understand the culture of a tool I use?

                                                                                            Some example of the issues you might face:

                                                                                            • an security update could be delayed
                                                                                            • an update upstream could break your work in production
                                                                                            • you (or one of your customers) could be sued for patent violation (even if you are not actually violating it)
                                                                                            • the project might contain backdoors and your image could be associated with it

                                                                                            and so on…

                                                                                            You could ignore the culture of tools you get for free, and be lucky.
                                                                                            But in my job, I would call that short-sight and unprofessional.

                                                                                            Software is not like an hammer: even if you take it free of charges, there are strings attached.

                                                                                            1. 2

                                                                                              Some example of the issues you might face…

                                                                                              There are ways around much of these concerns. I have a support contract, or trust in a distribution (say, Canonical for Ubuntu or Red Hat), which provides vuln disclosures, and updates for me to apply. I have a development process that includes QA, and automated CI infrastructure so that breaking changes are caught before production… etc.

                                                                                              But, to the meta point:

                                                                                              But, my friend, you need to understand the tools you use!

                                                                                              Demonstrably this is not at all true. It’s easy to do a survey of 100 people – 10 people even, and ask them if they understand their tools. How are their tools implemented? How does the relational database they store and query data into/from store data on disk? How does the map type work in their favorite language? How does the VM work? How does the ORM work? How does the templating language they use work? How does the image processing library they use work to resize images, or rotate images, or whatever work? How does TensorFlow do all it does?

                                                                                              What you’ll find is that a large portion of engineers have no idea how things work. And they don’t need to know. Their job is to build CRUD apps for people who could care less if something takes a little bit longer. The developer themselves, in many cases, could care less about BTREE indexes vs. HASH indexes, and doesn’t really know the difference. For the amount of data they manipulate, doing full table scans 3 times an hour (because they literally have 3 queries an hour) is completely sane, reasonable, and still puts a smile on the face of the Administrative assistant who no longer has to go to a type writer to type out a bunch of labels. Or, who no longer has to print 10,000 college applications to give to admissions reviewers… or any number of other tasks where even the worst technology choices, recommended by underskilled developers can make a ginormous (and) positive difference on the process.

                                                                                              1. 0

                                                                                                There are ways around much of these concerns.

                                                                                                Sure, but the simplest one is to understand the tools you use.

                                                                                                And actually, trusting Debian (or OpenBSD or whatever) or signing support a contract with Canonical (or Red Hat or Microsoft or whatever) requires the cultural understanding of such people I was talking about.

                                                                                                Demonstrably this is not at all true. […]
                                                                                                …even the worst technology choices, recommended by underskilled developers can make a ginormous (and) positive difference on the process.

                                                                                                Practically you are saying: “everyone can become rich without working: just win the lottery!”. Well, this is not false. Stick on boring low-hanging fruits all your life and you will never face the issues that a professional developer has to consider every day.

                                                                                                What you describe is not to “get the job done”.
                                                                                                People die because of people who work this way.

                                                                                                In Italy we use to say: “even a broken clock can be right twice a day”.
                                                                                                Yes, incompetent developers can occasionally improve the life of someone, but for most of time, they just mess up things beyond repair.

                                                                                                1. 4

                                                                                                  Practically you are saying: “everyone can become rich without working: just win the lottery!”. Well, this is not false. Stick on boring low-hanging fruits all your life and you will never face the issues that a professional developer has to consider every day.

                                                                                                  What you describe is not to “get the job done”. People die because of people who work this way.

                                                                                                  I believe this comment really lacks perspective. What you are saying is the Shamar-style of development is the only correct style of development and anyone not doing it that way is not only doing it wrong but putting people’s lives at risk.

                                                                                                  The industry I work in produces a lot of software and consumes a lot of software, however no company in this industry would consider itself a tech company. We have people whose job title is “Software Engineer”. But, for the most part, they make pretty bad technical decisions and are fairly unskilled relative to the engineers at most tech companies. But, they aren’t “trying to get rich without working” or “win the lottery”. They are very hard working. The industry just has a different set of values where the software is incidental to the actual problem the company is solving. A lot of the things you brought up in an earlier post about why one needs to understand the culture of the software they consume doesn’t actually apply in the industry I’m in. Security updates and backdoors are almost never going to be a concern because these systems are not open to the outside. The data they consume is entirely generated and processed inside the walls of the company. In the industry I’m in, we’re actually saving lives too! I mean that literally.

                                                                                                  I hate to use this word, but your comment is elitist. Anyone not solving problems how you say is not a professional and just causing damage “beyond repair”. Your comment lacks humility and perspective yet is extremely assertive. It might be worth stepping back and questioning if what you assert so strongly is an ideal, a belief, or reality. Or perhaps it’s a challenge with the language and you don’t realize how assertive your comments sound relative to how assertive you meant them to be. But insisting people not following your development principles are killing people is a pretty strong statement, in any case.

                                                                                                  1. 0

                                                                                                    But insisting people not following your development principles are killing people is a pretty strong statement, in any case.

                                                                                                    I was not talking about software development in particular.

                                                                                                    Incompetent engineers build bridges that fell off.
                                                                                                    Incompetent phyisicians do not cure mortal deseases properly. And so on.
                                                                                                    They can get some work done, but it’s lucky, like winning te lottery.

                                                                                                    As for software, I do not means that a competent software developer cannot adopt a cheap half-working solution instead of an expensive “right” one (whatever it means in the context).

                                                                                                    On the contrary!
                                                                                                    I mean that to make a choice you need competence.

                                                                                                    I’m saying that only a competent professional that knows the tools she use can really “get the job done”.
                                                                                                    An incompetent one can be lucky some times, but you cannot trust her products and thus the job is not done.

                                                                                                    Or perhaps it’s a challenge with the language

                                                                                                    Actually, I’m rather surprised by the opposition such a simple and obvious concept is facing. All other craftmen I know (the real ones, not the software ones) agree that it takes years to “own” their tools.

                                                                                                    Probably we have diverged too much from the original topic, and we are facing a deep cultural mismatch.

                                                                                                    In Europe (that, let me say, is not living up to its own values these days) we are used to be very diverse and inclusive (note: it took centuries of wars, rapes, debates, commerce, poetry, science, curiosity and many other contaminations to get here).

                                                                                                    But we do not meld the meaning of words just to include more people.

                                                                                                    We clearly see and state the differences, and happily talk about them.

                                                                                                    And this is not elitism, it’s efficient communication.

                                                                                                    When we say “job” or “done” we convey a precise message.
                                                                                                    And if a bridge fell off and kills someone, we call the engineers who built it liars because the job was not done. At times they even stop being called engineers at all.

                                                                                                    1. 2

                                                                                                      You don’t give an inch, do you? I’ve explicitly said that I work in an industry that does not do software development like you have expressed it should be done and your response is to keep on insisting on it. On top of that, you did this annoying thing where this discussion has clearly been about software development but when I pushed back you move the goal post and start talking about bridges and medicine. It’s extremely challenging and frustrating to communicate with you, I need to work on not doing that. Thanks for the discussion, it was insightful for myself.

                                                                                                  2. 3

                                                                                                    Looks like someone got a degree in being right on the Internet! There’s no point in engaging with you, and if there was a feature to block users, I would make use of it.

                                                                                                    1. 0

                                                                                                      I’m sorry about this.

                                                                                                      If you lack arguments to support your assuptions, I can suggest to simply state such assumptions clearly. For example:

                                                                                                      Users and companies are entitled to get work and value from software developers for free, because they are in a rush to get their job done.
                                                                                                      FS and OSS forks hurts this right.

                                                                                                      I would deeply disagree on such premise.
                                                                                                      But I wouldn’t argue against the conclusions.

                                                                                                      1. 2

                                                                                                        Did you just tell me to go fuck myself?

                                                                                                        1. 1

                                                                                                          Ok, this must really be a language problem.

                                                                                                          I cannot find a translation of what I wrote that can be interpreted that way!

                                                                                                          Anyway: No, I’m not telling you to fuck yourself.

                                                                                                          1. 2

                                                                                                            I just spent 30 minutes carefully crafting a response to your absurd notion that everyone must be highly skilled or people will die. But, it’s just not worth it. You’ll find a way to twist it into something it’s not, and yell loudly about how I’m wrong without considering that you may be shortsighted in your assumptions.

                                                                                                            1. 0

                                                                                                              I’m sorry for the time you wasted.

                                                                                                              I do not think that “everyone must be highly skilled or people will die”.

                                                                                                              I think that everyone should be professional in his own job.
                                                                                                              Which, at the bare minimium, means to understand the tools you use.

                                                                                                              you may be shortsighted in your assumptions.

                                                                                                              I woudn’t even engage if I woud not assume this to be possible: there would be nothing to learn.

                                                                          2. 3

                                                                            Question that I have that isn’t clear from the post. Do you intend to maintain enough compat with Illumos that you would be able to get improvements that were done n something like SmartOS? Are you planning on continuing to pulls changes from Illumos? Planning to try contributing changes back? Or is this a hard fork where you don’t imagine there would be cross pollination?

                                                                            1. 4

                                                                              Good questions!

                                                                              1. Source-level compat, yes until it stops to make sense. Binary compat, no.
                                                                              2. I’ll continue git-pull from illumos-gate until it starts to be too cumbersome due to divergence. Once that happens, I’ll probably still take commits from illumos-gate but I’ll be more selective. In addition to illumos-gate, we cherry-pick changes from the illumos downstreams (omnios, illumos-joyent, etc.). This is open source, if those repos have good changes I’d be stupid not to take them because they were authored “outside”.
                                                                              3. I have no plan to get changes back into illumos, however the code is open so others can do it. As an example, Toomas Soome took one of the cleanups in Unleashed and got it into illumos-gate (87bdc12930bfa66277c45510e399f8a01e06c376). He also has a work-in-progress to get our cpio-based boot_archives into illumos, but I don’t know the status of that.

                                                                              Hopefully I covered everything.

                                                                        1. 3

                                                                          I’m using such a script (Perl – yay) for my blog: https://gir.st/genindex (not really a url I’m considering stable)

                                                                          Despite the popularity of markdown and static page generators, I’m writing my posts in plain HTML, and a heading usually looks like <hX id=foo>. then I’m calling above script from within vim to generate the toc.

                                                                          Looking forward to the next challenges!

                                                                          1. 28

                                                                            5 years. Nobody would dare to be that careless when it comes to e.g. oracle’s license agreements, but with the GPL, hardly anyone seems to care.

                                                                            (This isn’t just meant in re: to tesla, but many, many other players as well)

                                                                            1. 5

                                                                              It’s why Im in favor of suing the crap out of them if they dont respond to nice letters and gradual escalation. Very important to have the gradual escalation with clear process and solutions so companies dont worry GPL = massive loss of money. The few hit would be a solid example of what happens to worst offenders. Most of that money donated to FOSS infrastructure, legal defenses, or businesses.

                                                                              1. 4

                                                                                … if they dont respond to nice letters and gradual escalation.

                                                                                This put a huge burden on GPL developers and communities.

                                                                                I think that suing them the crap if they don’t start to comply the day after the first email would be a much more effective approach.

                                                                                For one company that try to comply after 5 years, how many other don’t care?
                                                                                This lenient approach give them nothing to lose!

                                                                                Do these company comply to free software license only if they are totally busted?
                                                                                Fine, so most of them don’t comply at all. So there’s nothing communities can lose by suing them.

                                                                                So sadly, free software communities can only obtain respect for their work by suing violators.

                                                                                IMHO, Software Freedom Conservancy is not protecting free software, but corporate’s investments.

                                                                                1. 3

                                                                                  We’re trying to keep the moral high ground here. Plus, reduce the risk of companies avoiding GPL code. They’re already a little afraid of it. It helps to let them know a mistake won’t be an automatic, massive loss. The people doing GPL compliance usually just give them a notice asking them to fix it. I don’t know how often compliance happens but write-ups I’ve seen indicate they had a lot of success just talking to companies.

                                                                                  Note that commercial, copyright holders usually give a takedown notice before legal action as well. Right now, those doing it for content are even doing six strikes with ISP’s. I’d say similarly let them ignore a few emails or contacts that we document to show a pattern of not caring. Then, hit them with a law suit.

                                                                                2. 3

                                                                                  As I understand, for US, you can sue for either actual damage or statutory damage of $30,000. For example, The Qt Company can sue and recover the price of Qt commercial license, and attorney’s fees. I think for Linux and BusyBox it is entirely possible that the enforcement wins and the court awards small damage, resulting in worse compliance in the future.

                                                                                  1. 2

                                                                                    So, in that case, the default commercial license should be something like Oracle’s with actual licenses always being reduced based on traits of the business. In court, you’d cite the non-discounted, Oracle-style licensing of the product with pricing per developer seat, per CPU, per organization, per deployed instance, and per mention of the trademarked name in court documents. Should add up pretty quickly if it’s a big company or a startup. ;)

                                                                                    Nah, in seriousness, I’d be suing under copyright law if possible since a violation is up to $250,000 per count. That’s what the proprietary companies use in combination with patent law. If there’s patents, maybe use that as well. Damages could be pretty high.

                                                                                    “I think for Linux and BusyBox it is entirely possible that the enforcement wins and the court awards small damage, resulting in worse compliance in the future.”

                                                                                    I didn’t think about that. I’d have to make sure the solution addresses it. Alternatively, the response can vary per project.

                                                                                    1. 4

                                                                                      the default commercial license should be…

                                                                                      This remind me of Bruce Perens recommending developers of GPL software to always offer dual license.

                                                                                      1. 2

                                                                                        I didn’t know about that legal angle. Thanks for the link!

                                                                                    2. 1

                                                                                      The “actual demage” is the whole development effort donated by developers of Linux and BusyBox.

                                                                                      Make an estimate, and ask for it.
                                                                                      Indeed, if you don’t want to comply with the GPL you have to buy the copyright from each of the developers or create your own Unix and BusyBox alternative from scratch with comparable effort.

                                                                                      1. 2

                                                                                        While I want this to be true, this strategy is completely untested in the court and if that is the alternative, I fully understand why FSF and SFC are reluctant to pursue such strategy.

                                                                                        1. 2

                                                                                          I fully understand why FSF and SFC are reluctant to pursue such strategy.

                                                                                          Why?

                                                                                          I mean: the gift of developers’ hours under GPL is conditioned to the reciprocity it requires.

                                                                                          Without the reciprocity, that work is not a gift anymore: you either pay for it or comply to the requirements. Still, after license termination, you can just pay.

                                                                                          1. 2

                                                                                            Why? Because it is untested in the court! Or do you have a case number where your strategy worked?

                                                                                            1. 3

                                                                                              Oh… good point!

                                                                                              So it remains untested because… it’s untested!

                                                                                              I guess an exit condition is missing in this loop…

                                                                                1. 4

                                                                                  If you like these kind of ‘hidden operators’, but want some that actually work and are (mostly) useful, take a look at the perlsecret documentation.

                                                                                  (and don’t forget about C’s “goes to” operator while (i --> 0))

                                                                                  1. 6

                                                                                    AntennaPod: podcast app (a little buggy but mostly works)

                                                                                    DNS66: systemwide rootless adblocker

                                                                                    Firefox Klar: Firefox Focus, but free

                                                                                    Silence: texting app

                                                                                    Simple Gallery

                                                                                    Tusky: mastodon client

                                                                                    Unit Converter Ultimate

                                                                                    1. 2

                                                                                      Firefox Klar: Firefox Focus, but free

                                                                                      they are exactly the same. They changed the name to ‘Klar’ (german for ‘clear’) in Germany due to trademark issues (focus.de is a magazine there). It is also not in the main repositories, but in a seperate one that does not build from source.

                                                                                      1. 7

                                                                                        One difference between that two is that Klar have telemetry turned off by default, AFAIK: https://gitlab.com/fdroid/rfp/issues/235

                                                                                      2. 1

                                                                                        If I have root, is DNS66 still better than AdAway?

                                                                                        Also, I’m torn between Tusky and Twidere, if anyone has opinions I’d like to hear them.

                                                                                        1. 4

                                                                                          I’d say AdAway is preferable to DNS66. There’s also Blokada, which works as a pseudo-VPN.